API Abuse – The Anatomy of An Attack
A talk given by David Stewart from CriticalBlue at the 2019 Platform Summit in Stockholm.
Gartner’s statement that “By 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications.” is often quoted, but what does an API abuse attack actually look and feel like?
At last year’s Platform Summit, I described 3 different types of API abuse at a high level, summarizing who abuses and why.
This year I will go into anatomical and forensic detail on one specific API abuse attack based on our real experiences, explaining what it looked and felt like through the exploration and probing phase, into the setup and test stage, and finally into the at-scale exploitation.
Remembering that API abuse attacks are often carried out at low frequency and with valid user credentials and API keys, the audience will be challenged to consider how their API defense mechanisms would cope against bad actors behaving as described.
Attendees may feel the need to contact their home offices after this presentation, just to check a few things…
Video: API Abuse – The Anatomy of An Attack, from the Nordic APIs channel